﻿using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Login : System.Web.UI.Page
{
    DataSet ds;
    SqlDataAdapter da;
    SqlCommand acc;
    protected void Page_Load(object sender, EventArgs e)
    {
        
    }
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        
        bool Logined = false;
        string strSql = "";
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["connect"].ConnectionString);
        if (conn.State == ConnectionState.Closed)
            conn.Open();
        strSql += "SELECT [Username],[Password], [Acctype] FROM [Accounts] ";
        strSql += "WHERE [Username] = @UserName AND [Password] = @Password ";
        SqlCommand cmd = new SqlCommand(strSql, conn);
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.Add(new SqlParameter("@UserName", Login1.UserName));
        cmd.Parameters.Add(new SqlParameter("@Password", Login1.Password));

        SqlDataReader rs = cmd.ExecuteReader();
        if (rs.Read())
        {
            FormsAuthentication.SetAuthCookie(Login1.UserName, Login1.RememberMeSet);
            if (Login1.RememberMeSet == true)
            {
                if (Request.Cookies["User"] == null)
                {
                    HttpCookie httpcookie = new HttpCookie("User");
                    Response.Cookies.Add(httpcookie);
                    httpcookie.Values.Add("UserName", rs["UserName"].ToString());
                    httpcookie.Values.Add("Password", rs["Password"].ToString());
                    DateTime dtExpiry = DateTime.Now.AddDays(12);
                    Response.Cookies["User"].Expires = dtExpiry;
                }
                else
                {
                    Request.Cookies["User"]["UserName"] = rs["UserName"].ToString();
                    Request.Cookies["User"]["Password"] = rs["Password"].ToString();
                }
            }
            else
            {
                if (Request.Cookies["User"] != null)
                {

                    Request.Cookies.Remove("User");
                }
            }
            Logined = true;

            conn.Close();
            int type;

            if (conn.State == ConnectionState.Closed)
                conn.Open();
            string strAcc = "";
            strAcc += "Select AccType from [Accounts] where [Username] = @UserName AND [Password] = @Password";
            acc = new SqlCommand(strAcc, conn);
            ds = new DataSet();
            acc.CommandType = CommandType.Text;
            acc.Parameters.Add(new SqlParameter("@UserName", Login1.UserName));
            acc.Parameters.Add(new SqlParameter("@Password", Login1.Password));
            //SqlDataReader rs = acc.ExecuteReader();
            acc.ExecuteNonQuery();
            da = new SqlDataAdapter(acc);

            da.Fill(ds);
            type = Convert.ToInt32(ds.Tables[0].Rows[0][0].ToString());
            conn.Close();
            cmd.Dispose();
            if (Logined == true)
            {

                if (type == 0)
                {
                    Session["UserName"] = Login1.UserName;
                    Session["Password"] = Login1.Password;
                    Session["Quyen"] = "User";
                    Response.Redirect("Default.aspx");
                }
                else
                {
                    Session["UserName"] = Login1.UserName;
                    Session["Password"] = Login1.Password;
                    Session["Quyen"] = "Admin";
                    Response.Redirect("Default.aspx");
                }
            }
        }
    }
}